<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <div th:replace="~{common/common::head}"></div>
</head>

<body>
<div class="layuimini-container">
    <div class="layuimini-main">
        <!-- DoS攻击部分 -->
        <div class="layui-row layui-col-space15">
            <div class="layui-col-md12">
                <fieldset class="layui-elem-field layui-field-title">
                    <legend>
                        <a class="dos" style="color: rgb(30 159 255)">其他漏洞 - Dos攻击</a>
                    </legend>
                    <blockquote class="layui-elem-quote layui-quote-nm" style="background-color: #a7deefab;">
                        <p>
                        <pre>  DoS攻击：由单一来源发起，旨在使目标服务不可用，通常规模较小，易于防御</pre>
                        <pre>  DDoS攻击：由多个来源协同发起，产生巨量流量，导致大规模服务中断，防御难度较大</pre>
                        </p>
                    </blockquote>
                </fieldset>
            </div>

            <!-- 漏洞场景部分：验证码参数可控 -->
            <div class="layui-col-md12">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-bug">  漏洞场景：验证码参数可控</span></h1>
                        <div class="layui-tab layui-tab-brief">
                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <p>图片功能点(二维码/验证码)参数长、宽可控时，可能导致拒绝服务</p>
                                        <a target="_blank" href="/other/dos/vul?width=10000&height=10000">
                                            <button class="layui-btn layui-btn-normal" style="width: 100px;">Run</button>
                                        </a>
                                    </blockquote>
                                </div>
                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code">  缺陷代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="vulDos"></div>
                        </div>
                    </div>
                </div>
            </div>

            <!-- 漏洞场景：ZIP解压炸弹 -->
            <div class="layui-col-md12">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-bug"> 漏洞场景：ZIP解压炸弹</span></h1>
                        <div class="layui-tab layui-tab-brief">
                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <button type="button" class="layui-btn" id="uploadZipFile">
                                            <i class="layui-icon">&#xe67c;</i>选择文件
                                        </button>
                                        <div style="display: flex; align-items: center;">
                                            <p> ZIP解压炸弹</p>
                                        </div>
                                        <button type="button" class="layui-btn layui-btn-normal" id="uploadZip">上传文件</button>
                                    </blockquote>
                                </div>

                                <!-- 提示信息 -->
                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i> tips</div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre>某些功能点后端会对上传的文件进行解压并且可以递归解压
测试zip：https://www.bamsoftware.com/hacks/zipbomb/zbsm.zip
漏洞原理：解压zbxl.zip炸弹以后会出现16个压缩包，每个压缩包又包含16个，循环5次，最后得到16的5次方个文件，也就是1048576个文件，一百多万个最终文件，每个大小为4.3GB</pre>
                                        </div>
                                    </div>
                                </div>

                                <!-- 测试结果 -->
                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-warning icon-output"></i> 测试结果</div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre id="vul-result" style="color: red;"></pre>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code"> 缺陷代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="vul2Dos"></div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

<div th:replace="~{common/common::script}"></div>

<script type="text/javascript">
    document.addEventListener("DOMContentLoaded", function () {
        layui.use(['layer', 'miniTab', 'common', 'form'], function () {
            var $ = layui.jquery,
                layer = layui.layer,
                miniTab = layui.miniTab,
                form = layui.form,
                upload = layui.upload;

            miniTab.listen();
            layer.msg("其他漏洞-拒绝服务攻击");

            // 创建上传实例
            function createUploadInstance(config) {
                return upload.render({
                    elem: config.elem,
                    url: config.url,
                    method: config.method || 'post',
                    accept: config.accept || 'file',
                    exts: config.exts || 'zip',
                    auto: config.auto || false,
                    bindAction: config.bindAction,
                    size: config.size || 500,
                    multiple: config.multiple || false,
                    drag: config.drag || true,
                    done: function (res) {
                        console.log("上传文件成功：" + JSON.stringify(res));
                        $(config.resultElem).html(res.msg);  // 直接访问msg字段，而不是JSON.stringify(res).msg
                    },
                    error: function () {
                        console.log("上传文件失败");
                    }
                });
            }

            var uploadZipFile = createUploadInstance({
                elem: '#uploadZipFile',
                url: '/other/dos/vul2',
                bindAction: '#uploadZip',
                resultElem: '#vul-result',
                exts: 'zip'
            });


            // 设置代码编辑器配置
            var cmConfig = {
                lineNumbers: true,
                lineWrapping: false,
                indentUnit: 4,
                indentWithTabs: true,
                theme: 'juejin',
                styleActiveLine: { nonEmpty: true },
                fontSize: "18px",
                mode: "text/x-java"
            };

            // 初始化代码编辑器
            CodeMirror(document.getElementById("vulDos"), Object.assign({}, cmConfig, { value: vulDos }));
            CodeMirror(document.getElementById("vul2Dos"), Object.assign({}, cmConfig, { value: vul2Dos }));

            // hover 效果
            $('.dos').hover(function () {
                $(this).css('cursor', 'pointer');
                layer.tips('DoS与DDoS区别', this, {
                    tips: [1, '#0051ff'],
                    time: 2000
                });
            });

            // 点击显示图片
            $('.dos').on('click', function () {
                layer.open({
                    type: 1,
                    title: false,
                    closeBtn: 1,
                    area: ['760px', '500px'],
                    shadeClose: true,
                    content: '<div style="text-align: center;"><img src="/static/images/vul/dos/dos.jpeg" style="width: 100%; height: 100%;"></div>'
                });
            });
        });
    });
</script>

</body>
</html>
